BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 06-02-2010, 01:41 PM   #1 (permalink)
Appleinator
 
Dubdub's Avatar
 
Join Date: Nov 2005
Location: New Hampshire
Model: App5
OS: AJBR549
PIN: Ask
Carrier: ATT & Verizon
Posts: 20,018
Post Thanks: 54
Thanked 778 Times in 740 Posts
Default Dangerous New Mac Spyware Making the Rounds

Please Login to Remove!

This has little to do with BB's but a lot to do with Mac users:

Dangerous New Mac Spyware Making the Rounds

Thereís a very nasty piece of spyware attacking Appleís computer platform. Itís called OSX/OpinionSpy, and it piggybacks in on free screensaver and media conversion software.

Specifically, around 30 screensavers developed by a company called 7art and one app called Mishinc FLV to MP3 carry the spyware, according to security firm Intego. The programs were available on popular sites, like Softpedia, MacUpdate and VersionTracker, though theyíve since been pulled from those locations. MacUpdate told CNET that it had been aware of the problem as far back as March and had acted accordingly.

The spyware app isnít part of the software itself, but instead downloads during the installation of the originally downloaded programs. It often masquerades as a market research program called PremierOpinion that tracks browsing and purchasing information for market research purposes, but it also can come completely unannounced. The aim of OSX/OpinionSpy is to collect data from files and programs. Hereís a breakdown of a few ways it does its dirty work:

* Runs as root, allowing complete access, including modification, to all files
* Scans all accessible files on local and network drives
* Opens a back door using port 8254
* Analyzes data transmitted via a LAN connection, allowing a single Mac to collect data from an entire network
* If the application is killed, it automatically relaunches via launchd, the system-wide OS X service launcher
* Injects code into Safari, Firefox and iChat without any user authorization or action required, and then copies personal data from these applications. Code is injected into Mac memory, not the actual applicationís files, allowing it to go undetected

It can be upgraded via the backdoor access without the userís knowledge, and just deleting the original program it came in on wonít eliminate the spyware itself. To rid yourself of the infection, if you think you might have it, you should grab ClamXav or iAntiVirus or another trusted Mac malware scanner. Signs that you may be infected include your computer sometimes asking for your name or prompting you to fill out forms and surveys. Also, your computer may stop working correctly and require a reboot.

Intego is using the opportunity to push its anti-virus products, which is only fair given that itís at least warning people about it, but as always, I recommend sensible downloading and browsing practice before any other means of virus or malware protection. If something seems suspicious, it probably is, and if you find you have no internal means of analyzing what constitutes danger and what doesnít in term of online activity, consult with someone who you know definitely does. Finally, if something is free, always exercise extra caution

Dangerous New Mac Spyware Making the Rounds
__________________
-->>BB FAQ

-->>Stinsonddog's Tip Site!

-->>Twitter


If someone helps, tell them by clicking the Thanks button.!!
Offline  
Old 06-02-2010, 07:42 PM   #2 (permalink)
Thumbs Must Hurt
 
Join Date: Feb 2009
Location: Chicago
Model: 9000
OS: OS 10.6
PIN: N/A
Carrier: At&t
Posts: 61
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

thank you for the info Dubdub. very helpful
Offline  
Old 06-09-2010, 10:31 AM   #3 (permalink)
New Member
 
steveberry's Avatar
 
Join Date: May 2010
Location: Toronto
Model: 8100
PIN: N/A
Carrier: Rogers
Posts: 10
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Great post! Thank you for sharing this.
Offline  
Old 06-09-2010, 10:44 AM   #4 (permalink)
Appleinator
 
Dubdub's Avatar
 
Join Date: Nov 2005
Location: New Hampshire
Model: App5
OS: AJBR549
PIN: Ask
Carrier: ATT & Verizon
Posts: 20,018
Post Thanks: 54
Thanked 778 Times in 740 Posts
Default

I have not heard any more about, so I do not know how "real" or how it has spread.
__________________
-->>BB FAQ

-->>Stinsonddog's Tip Site!

-->>Twitter


If someone helps, tell them by clicking the Thanks button.!!
Offline  
Old 06-12-2010, 12:09 PM   #5 (permalink)
CrackBerry Addict
 
Jagga's Avatar
 
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
Post Thanks: 6
Thanked 6 Times in 5 Posts
Default

There was a recent update to Safari so I'm sure this is closed. Also these will request a password for admin no? Root requires an admin pw to begin with.
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.